Supply-Chain Attack Hits Injective SDK After Malicious npm Package Compromise
AI Market Summary
A supply-chain compromise of an Injective npm SDK package reportedly enabled malware to exfiltrate wallet seed phrases and private keys, raising immediate counterparty and operational risk for users and developers integrating the library. Although the malicious release was removed, any exposed credentials should be assumed compromised, which can trigger forced key rotations, incident response costs, and near-term trust deterioration across the Injective ecosystem and related DeFi tooling.
Impact level
● Medium
Affected assets
INJ/USDT+1.09%
AI Insight · INJ/USDTAI Insight
▼ Bearish
Trade now
⚠️ AI-generated insights are based on news content and are provided for informational purposes only. They do not constitute investment advice or represent the views of BingX. Investing involves risk. Please trade responsibly.
A widely used Injective (@Injective) npm package was compromised with malware designed to steal crypto wallet private keys, according to security firm Socket. The attackers are said to have gained access to a developer's GitHub account and then pushed changes to the npm package. The malicious code covertly captured seed phrases and exfiltrated them via a spoofed telemetry server. The tainted release has since been removed, but any wallet keys and seed phrases exposed during the incident should be treated as compromised.